signcryption

package module
v0.0.0-...-1b2fa07 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 6, 2018 License: MIT Imports: 7 Imported by: 2

README

signcryption

GoDoc

A collection of signcryption algorithms and protocols for Go based around the AAI signcryption scheme.

Algorithms

Ahmad-Afzal-Iqbal (AAI)

Ahmad-Afzal-Iqbal signcryption is an elliptic curve signcryption scheme designed for firewalls. AAI provides signatures that can be publically verified without revealing the contents of the ciphertext. In contrast, most signcryption schemes provide signature verification as part of the decryption process and not as a separate process.

AAI signcryption provides the following features in unison:

  • confidentiality
  • message integrity
  • signature unforgeability
  • non-repudiation
  • public verification
  • ciphertext-only authentication
  • forward secrecy

This version of AAI is implemented with the elliptic curves P256 & P521, AES counter mode encryption, and SHA-256 for generating keys.

Protocols

Signcrypted Transport Layer (STL)

A transport layer similar to TLS that uses AAI signcryption. Used plainly, STL offers the same guarantees as TLS with client authentication. However, STL also includes support for a "relayer," which is untrusted, third party proxy that can sit in between a client-server connection, cryptographically verifying the origin and destination of each traffic segment. A relayer can provide NAT traversal, firewalling, and other services.

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// StandardCurve is the curve we use for all elliptic curve
	// operations.
	StandardCurve = elliptic.P256()
)

Functions

This section is empty.

Types

type Certificate

type Certificate struct {
	ID                   []byte
	EncryptionPrivateKey *ecdsa.PrivateKey
	EncryptionPublicKey  *ecdsa.PublicKey
	HandshakePrivateKey  *ecdsa.PrivateKey
	HandshakePublicKey   *ecdsa.PublicKey
}

Certificate describes the information that identifies each unique user of STL. Certificates should be validated externally.

func GenerateCertificate

func GenerateCertificate(rand io.Reader) (*Certificate, error)

GenerateCertificate generates a random certificate. The certificate still needs an ID field which should be produced by an external entity.

func UnmarshalCertificate

func UnmarshalCertificate(b []byte) (*Certificate, error)

UnmarshalCertificate parses out a certificate from a slice of bytes.

func (*Certificate) Equal

func (c *Certificate) Equal(c2 *Certificate) bool

Equal checks whether two certificates are equal. Equal only checks public key parameters.

func (*Certificate) Marshal

func (c *Certificate) Marshal() ([]byte, error)

Marshal marshals a certificate into bytes.

func (*Certificate) Validate

func (c *Certificate) Validate() error

Validate validates a certificate

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL